Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and ...

Most likely, a maintainer's GitHub and npm accounts are compromised as these issues are getting deleted. I have also reported this as a vulnerability, so that a CVE can be generated.

Claude Code, Anthropic’s top AI agent, just suffered a major source code leak. Version 2.1.88 exposed 512,000 lines of ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...